Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/14/2019
04:15 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

One American, One Chinese National Indicted for Conspiracy to Commit Theft of Trade Secrets and Wire Fraud

A grand jury sitting in Greeneville, Tennessee has returned an indictment against Xiaorong You, a/k/a Shannon You, 56, of Lansing, Michigan, and Liu Xiangchen, 61, of Shandong Province, China for conspiracy to steal trade secrets related to formulations for bisphenol-A-free (BPA-free) coatings.  You was also indicted on seven counts of theft of trade secrets and one count of wire fraud.

Assistant Attorney General National Security John C. Demers, U.S. Attorney J. Douglas Overbey of the Eastern District of Tennessee, FBI Executive Assistant Director for the National Security Branch Jay Tabb, and Special Agent in Charge Troy Sowers of the FBI’s Knoxville Field Office made the announcement.

“The conduct alleged in today’s indictment exemplifies the rob, replicate and replace approach to technological development,” said Assistant Attorney General Demers.  “Xiaorong You is accused of an egregious, premediated theft and transfer of trade secrets worth more than $100 million for the purpose of setting up a Chinese company that would compete with the American companies from which the trade secrets were stolen.  Unfortunately, China continues to use its national programs, like the ‘Thousand Talents,’ to solicit and reward the theft of our nation’s trade secrets and intellectual property, but the Justice Department will continue to prioritize investigations like these, to ensure that China understands that this criminal conduct is not an acceptable business or economic development practice.” 

“Our office is committed to working closely with our federal, state and local partners to identify and prosecute those who engage in illegal and deceptive practices to steal trade secret and protected information from companies who spend millions of dollars to develop it,” said U.S. Attorney Overbey.  “Not only can theft of this information be potentially devastating to our American companies, it could also pose a threat to our overall national and economic security.”

“The facts laid out in this indictment show the conspirators engaged in blatant criminal activity,” said Executive Assistant Director Tabb.  “They didn't stop at going after technical secrets belonging to just one company.  They allegedly targeted multiple companies and made off with trade secrets at an estimated value of almost 120 million dollars.  As this case demonstrates, the FBI is determined to do everything possible to bring to justice those who try to steal secrets belonging to American companies.”

The BPA-free trade secrets allegedly stolen by these individuals belonged to multiple owners and cost an estimated total of at least $119,600,000 to develop.  Until recently, bisphenol-A (BPA) was used to coat the inside of cans and other food and beverage containers to help minimize flavor loss, and prevent the container from corroding or reacting with the food or beverage contained therein.  However, due to the discovered potential harmful effects of BPA, companies began searching for BPA-free alternatives. These alternatives are difficult and expensive to develop.

From December 2012 through Aug. 31, 2017, You was employed as Principal Engineer for Global Research by a company in Atlanta, which had agreements with numerous companies to conduct research and development, testing, analysis and review of various BPA-free technologies.  Due to her extensive education and experience with BPA and BPA-free coating technologies, she was one of a limited number of employees with access to trade secrets belonging to the various owners.  From approximately September 2017 through June 2018, You was employed as a packaging application development manager for a company in Kingsport, Tennessee, where she was one of a limited number of employees with access to trade secrets belonging to that company.

Details of the conspiracy are included in the indictment on file with the U.S. District Court.  The indictment alleges that You, Liu, and a third co-conspirator formulated a plan in which You would exploit her employment with the two American employers to steal trade secrets and provide the information for the economic benefit of trade secrets the Chinese company that Liu managed, which would manufacture and profit from products developed using the stolen trade secrets.  In exchange, Liu would cause the Chinese company to reward You for her theft, by helping her receive the Thousand Talent and another financial award, based on the trade secrets she stole, and by giving You an ownership share of a new company that would “own” the stolen trade secrets in China.  The conspirators also agreed to compete with U.S. and foreign companies, including some of the owners of the stolen stolen trade secrets, in China and elsewhere, by selling products designed, developed and manufactured using the stolen trade secrets.

The charges contained in this indictment are merely allegations, and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law. 

The case is being investigated by the FBI’s Knoxville Field Office.

The government’s case is being prosecuted by the Eastern District of Tennessee and the National Security Division’s Counterintelligence and Export Control Section.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12453
PUBLISHED: 2019-07-19
In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.
CVE-2019-12945
PUBLISHED: 2019-07-19
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2018-17792
PUBLISHED: 2019-07-19
MDaemon Webmail (formerly WorldClient) has CSRF.
CVE-2019-10102
PUBLISHED: 2019-07-19
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when ap...
CVE-2019-10102
PUBLISHED: 2019-07-19
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7...